add deploy hook to docker containers
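#!/usr/bin/env sh

# Deploy hook: copy the issued key/certificate files into a running Docker
# container and optionally run a reload command inside that container.
#
# Settings (each one that is set is saved by docker_deploy for later runs):
#
#DEPLOY_DOCKER_CONTAINER_LABEL="xxxxxxx"
#   Required. Label used to look up the target container.
#
#DOCKER_HOST=/var/run/docker.sock | tcp://localhost:8888
#   Optional; the two values above are alternatives, not a pipeline.
#   When the docker command is installed the hook drives it and leaves the
#   interpretation of DOCKER_HOST to that command. Without the docker command,
#   a set DOCKER_HOST selects the REST mode, whose helpers in this file only
#   report "Not implemented yet."; leave DOCKER_HOST unset to have the hook
#   talk to /var/run/docker.sock through curl.
#   The socket must be writable by the account running the hook. Write access
#   to the Docker socket gives control over the containers on that host, so
#   that account should be one that is meant to have it.
#
#DEPLOY_DOCKER_CONTAINER_KEY_FILE="/path/to/key.pem"
#DEPLOY_DOCKER_CONTAINER_CERT_FILE="/path/to/cert.pem"
#DEPLOY_DOCKER_CONTAINER_CA_FILE="/path/to/ca.pem"
#DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE="/path/to/fullchain.pem"
#   Optional destination paths inside the container. Only the files whose
#   destination is set are copied.
#
#DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="service nginx force-reload"
#   Optional command run inside the container after the copies. It is split
#   on spaces into an argument list; no shell quoting is applied to it.

# Documentation link printed when the label setting is missing.
_DEPLOY_DOCKER_WIKI="http://xxxxxx"

# Socket used when neither the docker command nor DOCKER_HOST is available.
_DOCKER_HOST_DEFAULT="/var/run/docker.sock"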
16
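#######################################
# Deploy hook entry point: copy the configured certificate files into the
# container selected by DEPLOY_DOCKER_CONTAINER_LABEL, then run the optional
# reload command inside it.
# Arguments: $1 domain, $2 key file, $3 cert file, $4 CA file,
#            $5 fullchain file
# Globals:   reads DEPLOY_DOCKER_CONTAINER_* and DOCKER_HOST; exports
#            _USE_DOCKER_COMMAND, _USE_REST, _USE_UNIX_SOCKET, _DOCKER_SOCK
# Returns:   0 on success, 1 on the first failure
#######################################
docker_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  if [ -z "$DEPLOY_DOCKER_CONTAINER_LABEL" ]; then
    _err "The DEPLOY_DOCKER_CONTAINER_LABEL variable is not defined, we use this label to find the container."
    _err "See: $_DEPLOY_DOCKER_WIKI"
    # Stop here: without a label there is nothing to select the container
    # that will receive the private key, and no empty label should be saved.
    return 1
  fi

  _savedomainconf DEPLOY_DOCKER_CONTAINER_LABEL "$DEPLOY_DOCKER_CONTAINER_LABEL"

  if [ "$DOCKER_HOST" ]; then
    _saveaccountconf DOCKER_HOST "$DOCKER_HOST"
  fi

  # Transport selection: the docker command wins when it is installed and
  # answers "docker version".
  if _exists docker && docker version | grep -i docker >/dev/null; then
    _info "Using docker command"
    export _USE_DOCKER_COMMAND=1
  else
    export _USE_DOCKER_COMMAND=
  fi

  export _USE_UNIX_SOCKET=
  if [ -z "$_USE_DOCKER_COMMAND" ]; then
    export _USE_REST=
    if [ "$DOCKER_HOST" ]; then
      # The helpers in this file report "Not implemented yet." for this mode.
      _debug "Try use docker host: $DOCKER_HOST"
      export _USE_REST=1
    else
      export _DOCKER_SOCK="$_DOCKER_HOST_DEFAULT"
      _debug "Try use $_DOCKER_SOCK"
      if [ ! -e "$_DOCKER_SOCK" ] || [ ! -w "$_DOCKER_SOCK" ]; then
        _err "$_DOCKER_SOCK is not available"
        return 1
      fi
      export _USE_UNIX_SOCKET=1
      if ! _exists "curl"; then
        _err "Please install curl first."
        _err "We need curl to work."
        return 1
      fi
      if ! _check_curl_version; then
        return 1
      fi
    fi
  fi

  # Persist every optional setting that is present.
  if [ "$DEPLOY_DOCKER_CONTAINER_KEY_FILE" ]; then
    _savedomainconf DEPLOY_DOCKER_CONTAINER_KEY_FILE "$DEPLOY_DOCKER_CONTAINER_KEY_FILE"
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_CERT_FILE" ]; then
    _savedomainconf DEPLOY_DOCKER_CONTAINER_CERT_FILE "$DEPLOY_DOCKER_CONTAINER_CERT_FILE"
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_CA_FILE" ]; then
    _savedomainconf DEPLOY_DOCKER_CONTAINER_CA_FILE "$DEPLOY_DOCKER_CONTAINER_CA_FILE"
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE" ]; then
    _savedomainconf DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE"
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" ]; then
    _savedomainconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"
  fi

  _cid="$(_get_id "$DEPLOY_DOCKER_CONTAINER_LABEL")"
  _info "Container id: $_cid"
  if [ -z "$_cid" ]; then
    _err "can not find container id"
    return 1
  fi
  # The private key is written into whatever container this id names, so a
  # label that matches several containers (a multi-line id) is refused here
  # instead of being handed on to the copy step.
  case "$_cid" in
    *"
"*)
      _err "More than one container matches the label $DEPLOY_DOCKER_CONTAINER_LABEL"
      return 1
      ;;
  esac

  # Copy only the files whose destination is configured.
  if [ "$DEPLOY_DOCKER_CONTAINER_KEY_FILE" ]; then
    if ! _docker_cp "$_cid" "$_ckey" "$DEPLOY_DOCKER_CONTAINER_KEY_FILE"; then
      return 1
    fi
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_CERT_FILE" ]; then
    if ! _docker_cp "$_cid" "$_ccert" "$DEPLOY_DOCKER_CONTAINER_CERT_FILE"; then
      return 1
    fi
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_CA_FILE" ]; then
    if ! _docker_cp "$_cid" "$_cca" "$DEPLOY_DOCKER_CONTAINER_CA_FILE"; then
      return 1
    fi
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE" ]; then
    if ! _docker_cp "$_cid" "$_cfullchain" "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE"; then
      return 1
    fi
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" ]; then
    if ! _docker_exec "$_cid" "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"; then
      return 1
    fi
  fi
  return 0
}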
125
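#######################################
# Print the id of the running container that carries the given label.
# Arguments: $1 - label
# Globals:   _USE_DOCKER_COMMAND, _USE_REST, _USE_UNIX_SOCKET select the
#            transport; _DOCKER_SOCK / _DOCKER_HOST_DEFAULT name the socket
# Outputs:   docker command: whatever "docker ps" prints, one id per line;
#            unix socket: the first id found in the API reply
# Returns:   1 when the selected transport is not implemented
#######################################
_get_id() {
  _label="$1"
  if [ "$_USE_DOCKER_COMMAND" ]; then
    docker ps -f label="$_label" --format "{{.ID}}"
  elif [ "$_USE_REST" ]; then
    _err "Not implemented yet."
    return 1
  elif [ "$_USE_UNIX_SOCKET" ]; then
    # Escape backslash and double quote so the label stays inside the JSON
    # string it is embedded in.
    _label_json="$(printf "%s" "$_label" | sed 's/\\/\\\\/g; s/"/\\"/g')"
    _req="{\"label\":[\"$_label_json\"]}"
    _debug2 _req "$_req"
    _req="$(printf "%s" "$_req" | _url_encode)"
    _debug2 _req "$_req"
    listjson="$(_curl_unix_sock "${_DOCKER_SOCK:-$_DOCKER_HOST_DEFAULT}" GET "/containers/json?filters=$_req")"
    _debug2 "listjson" "$listjson"
    # Text-level extraction: break the reply at '{' and ',', keep the first
    # "id": field and take the quoted value that follows it.
    printf "%s\n" "$listjson" | tr '{,' '\n\n' | grep -i '"id":' | _head_n 1 | cut -d '"' -f 4
  else
    _err "Not implemented yet."
    return 1
  fi
}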
147
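#######################################
# Run a command inside a container.
# Arguments: $1 - container id; remaining arguments - the command
# Globals:   _USE_DOCKER_COMMAND, _USE_REST, _USE_UNIX_SOCKET, _DOCKER_SOCK
# Returns:   docker command: the status of "docker exec";
#            unix socket: 1 when no exec instance could be created;
#            1 when the selected transport is not implemented
#######################################
_docker_exec() {
  _eargs="$*"
  _debug2 "_docker_exec $_eargs"
  _dcid="$1"
  shift
  if [ "$_USE_DOCKER_COMMAND" ]; then
    # Left unquoted on purpose: docker_deploy passes the reload command as one
    # string and relies on word splitting here to turn it into arguments.
    # The same splitting (and globbing) applies to every other argument, so
    # paths containing spaces or glob characters are not passed intact.
    # shellcheck disable=SC2068
    docker exec -i "$_dcid" $@
  elif [ "$_USE_REST" ]; then
    _err "Not implemented yet."
    return 1
  elif [ "$_USE_UNIX_SOCKET" ]; then
    _cmd="$*"
    # "%s" keeps '%' and '\' in the command from being read as printf
    # directives. Backslash and double quote are JSON-escaped first, then
    # every space becomes a boundary between two JSON array elements.
    _cmd="$(printf "%s" "$_cmd" | sed 's/\\/\\\\/g; s/"/\\"/g; s/ /","/g')"
    _debug2 _cmd "$_cmd"
    #create exec instance:
    cjson="$(_curl_unix_sock "$_DOCKER_SOCK" POST "/containers/$_dcid/exec" "{\"Cmd\": [\"$_cmd\"]}")"
    _debug2 cjson "$cjson"
    # A reply without an "Id" field would otherwise have its first quoted
    # value taken as the exec id below.
    if ! printf "%s" "$cjson" | grep -i '"id"' >/dev/null; then
      _err "Can not create the exec instance in container $_dcid"
      return 1
    fi
    execid="$(printf "%s\n" "$cjson" | cut -d '"' -f 4)"
    _debug execid "$execid"
    # NOTE(review): the reply to the start call is only logged; the exit
    # status of the command run in the container is not checked on this path.
    ejson="$(_curl_unix_sock "$_DOCKER_SOCK" POST "/exec/$execid/start" "{\"Detach\": false,\"Tty\": false}")"
    _debug2 ejson "$ejson"
  else
    _err "Not implemented yet."
    return 1
  fi
}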
175
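#######################################
# Copy one local file into a container.
# Arguments: $1 - container id, $2 - local source file,
#            $3 - destination path inside the container
# Globals:   _USE_DOCKER_COMMAND, _USE_REST, _USE_UNIX_SOCKET, _DOCKER_SOCK
# Returns:   0 on success, 1 on failure or when the selected transport is
#            not implemented
#######################################
_docker_cp() {
  _dcid="$1"
  _from="$2"
  _to="$3"
  _info "Copying file from $_from to $_to"
  # An unreadable source must not end up as an empty or missing key or
  # certificate inside the container while the copy is reported as done.
  if [ ! -r "$_from" ]; then
    _err "Can not read $_from"
    return 1
  fi
  _dir="$(dirname "$_to")"
  # The status of mkdir is not checked here; a missing directory shows up as
  # a failure of the copy that follows.
  _docker_exec "$_dcid" mkdir -p "$_dir"
  if [ "$_USE_DOCKER_COMMAND" ]; then
    # The file is fed on stdin to "tee" running in the container, so the
    # destination gets whatever ownership and mode tee gives it there.
    if _docker_exec "$_dcid" tee "$_to" <"$_from" >/dev/null; then
      _info "Success"
      return 0
    else
      _info "Error"
      return 1
    fi
  elif [ "$_USE_REST" ]; then
    _err "Not implemented yet."
    return 1
  elif [ "$_USE_UNIX_SOCKET" ]; then
    _frompath="${_from#/}" #remove the first '/' char
    _debug2 "_frompath" "$_frompath"
    _toname="$(basename "$_to")"
    _debug2 "_toname" "$_toname"
    # The archive holds the source file renamed to the destination file name
    # and is unpacked by the API into the destination directory.
    # NOTE(review): --transform takes a sed-style expression, so a ',' or a
    # regex metacharacter in the source path changes the rename; tar errors
    # are discarded and only the status of the last pipeline stage is tested.
    if ! tar --transform="s,$_frompath,$_toname," -cz "$_from" 2>/dev/null | _curl_unix_sock "$_DOCKER_SOCK" PUT "/containers/$_dcid/archive?noOverwriteDirNonDir=1&path=$(printf "%s" "$_dir" | _url_encode)" '@-' "Content-Type: application/octet-stream"; then
      _err "copy error"
      return 1
    fi
    return 0
  else
    _err "Not implemented yet."
    return 1
  fi

}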
215
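#######################################
# Send one HTTP request to the Docker API over a unix socket with curl.
# Arguments: $1 - socket path, $2 - HTTP method, $3 - endpoint (path and
#            query), $4 - request body as given to --data-binary,
#            $5 - content-type header line (default: application/json)
# Globals:   _CURL_NO_HOST (use the short "http:" URL form), DEBUG
# Outputs:   the response body on stdout
# Returns:   the exit status of curl
#######################################
_curl_unix_sock() {
  _socket="$1"
  _method="$2"
  _endpoint="$3"
  _data="$4"
  _ctype="${5:-Content-Type: application/json}"
  _debug _data "$_data"
  _debug2 "url" "http://localhost$_endpoint"
  if [ "$_CURL_NO_HOST" ]; then
    _cux_url="http:$_endpoint"
  else
    _cux_url="http://localhost$_endpoint"
  fi

  # The positional parameters have been copied above, so they are reused to
  # hold the leading curl options; debug level 2 and up adds verbose output.
  if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
    set -- -vvv --silent
  else
    set -- --silent
  fi

  # NOTE(review): the status is curl's own; whether an HTTP error reply from
  # the API is reported through it is not decided by any option set here, so
  # callers that only test the status may not see such failures.
  curl "$@" --unix-socket "$_socket" -X "$_method" --data-binary "$_data" --header "$_ctype" "$_cux_url"

}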
241
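#######################################
# Check that the installed curl is new enough for --unix-socket and pick the
# URL form to use with it.
# Globals:   exports _CURL_NO_HOST (1 for 7.40 to 7.49, empty otherwise)
# Returns:   0 when curl is 7.40 or newer, 1 when it is older or its version
#            can not be parsed
#######################################
_check_curl_version() {
  _cversion="$(curl -V | grep '^curl ' | cut -d ' ' -f 2)"
  _debug2 "_cversion" "$_cversion"

  _major="$(_getfield "$_cversion" 1 '.')"
  _debug2 "_major" "$_major"

  _minor="$(_getfield "$_cversion" 2 '.')"
  _debug2 "_minor" "$_minor"

  # Both parts must be plain numbers before they are compared.
  for _vpart in "$_major" "$_minor"; do
    case "$_vpart" in
      '' | *[!0-9]*)
        _err "Can not parse the curl version: $_cversion"
        return 1
        ;;
    esac
  done

  # Major and minor are compared separately: gluing them into one number
  # ranks 8.5 ("85") below 7.40 ("740") and rejects every 8.0 to 8.9 release.
  if [ "$_major" -lt 7 ] || { [ "$_major" -eq 7 ] && [ "$_minor" -lt 40 ]; }; then
    _err "curl v$_cversion doesn't support unix socket"
    return 1
  fi
  if [ "$_major" -eq 7 ] && [ "$_minor" -lt 50 ]; then
    _debug "Use short host name"
    export _CURL_NO_HOST=1
  else
    export _CURL_NO_HOST=
  fi
  return 0
}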
264